AD synchronisation

A nice feature of CUE User Manager is that you can log in to CUE Editor straight away with the users you already have in AD. For this to work, the users and their groups must be synced from AD to the IAM system. CUE User Manager will then create these users and groups in CUE Content Store on demand, if they don't already exist.

How the IAM system copies users and groups from AD is system dependent, so consult the IAM system's documentation. Typically, you want the IAM system to pull the data from AD, leaving AD oblivious to the existence of the IAM system.

If the IAM doesn't sync groups

Some IAMs, like Gluu, will not sync the groups from AD. In that case you must ensure the group IDs are present as a list of strings in the SCIM user object's userGroups field. This field is a custom extension that you must add to your SCIM user model; see System for Cross-domain Identity Management 2 (SCIM).

Make sure the AD synchronisation maps AD's memberOf attribute to the IAM LDAP user's userGroups field, and that this field is of a multi-valued string type.

CUE User Manager can now create native IAM user groups using this userGroups field; see user-manager.yaml.
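
One way to check that a synced SCIM user carries userGroups as a list of strings before relying on it for group creation. This is an added example, not part of CUE or of any IAM product. The extension URN, the sample users and the group values are constructed placeholders, and the function names are hypothetical.

```python
# Added example. The extension URN and group values below are constructed.
EXT = "urn:example:scim:schemas:extension:2.0:User"  # placeholder URN

def find_user_groups(scim_user):
    """Return (location, value) for every userGroups field on the resource."""
    found = []
    if "userGroups" in scim_user:
        found.append(("top level", scim_user["userGroups"]))
    for key, value in scim_user.items():
        # SCIM 2 extension attributes sit under a key named after the schema URN.
        if key.startswith("urn:") and isinstance(value, dict) and "userGroups" in value:
            found.append((key, value["userGroups"]))
    return found

def check_user_groups(scim_user):
    """Return a list of problems; an empty list means the field is usable."""
    found = find_user_groups(scim_user)
    if not found:
        return ["userGroups missing: memberOf is not mapped to the SCIM user"]
    problems = []
    for location, value in found:
        if isinstance(value, str):
            # A bare string here means the field is not multi-valued.
            problems.append(f"{location}: userGroups is a single string, not multi-valued")
        elif not isinstance(value, list):
            problems.append(f"{location}: userGroups is {type(value).__name__}, expected a list")
        else:
            bad = [v for v in value if not isinstance(v, str) or not v.strip()]
            if bad:
                problems.append(f"{location}: non-string or blank entries {bad!r}")
    return problems

# Constructed sample resources.
GOOD = {"userName": "jdoe", EXT: {"userGroups": [
    "CN=Editors,OU=Groups,DC=example,DC=com",
    "CN=Sports Desk,OU=Groups,DC=example,DC=com"]}}
SINGLE = {"userName": "jdoe", EXT: {"userGroups": "CN=Editors,OU=Groups,DC=example,DC=com"}}
UNMAPPED = {"userName": "jdoe"}

if __name__ == "__main__":
    for name, user in (("GOOD", GOOD), ("SINGLE", SINGLE), ("UNMAPPED", UNMAPPED)):
        print(name, check_user_groups(user) or "ok")
```

Run it against a user resource fetched from the IAM's SCIM endpoint after the first sync; an empty result means the memberOf mapping produced a multi-valued string field.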